import logging
import os
import secrets

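# JWT Settings
#
# The signing key is read from the JWT_SECRET_KEY environment variable. If it
# is missing (or set to an empty string, which os.getenv would otherwise hand
# back as a zero-length HMAC key), fall back to a fresh random key so the app
# can still start in development.
#
# Why this is logged loudly: a key generated at import time is different for
# every process, so every restart invalidates all outstanding tokens, and in a
# multi-worker deployment a token signed by one worker will not verify on
# another. Production must set JWT_SECRET_KEY explicitly.
JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY") or ""
if not JWT_SECRET_KEY:
    logging.getLogger(__name__).warning(
        "JWT_SECRET_KEY is not set; using an ephemeral per-process key. "
        "Tokens will not survive a restart or verify across workers."
    )
    # 32 random bytes, URL-safe base64 encoded (256 bits of entropy for HS256).
    JWT_SECRET_KEY = secrets.token_urlsafe(32)
JWT_ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
REFRESH_TOKEN_EXPIRE_DAYS = 7

# Security Headers
#
# Applied to every response. Notes on the individual values:
# - X-Frame-Options DENY: the page may never be framed (clickjacking defence).
# - X-Content-Type-Options nosniff: browsers honour the declared Content-Type.
# - X-XSS-Protection: legacy header for old browsers; current browsers have
#   removed the filter, so the CSP below is the effective control.
# - Content-Security-Policy default-src 'self': only same-origin resources
#   load, and inline scripts/styles are blocked unless the policy is relaxed.
# - Strict-Transport-Security: 31536000 seconds is one year; includeSubDomains
#   extends the HTTPS-only rule to every subdomain.
SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# Cookie Settings
#
# httponly keeps the cookie out of reach of page scripts, secure restricts it
# to HTTPS, and samesite=strict means it is not sent on any cross-site request.
COOKIE_SETTINGS = {
    "httponly": True,
    "secure": True,
    "samesite": "strict",
}

# Rate Limiting
#
# At most RATE_LIMIT_ATTEMPTS attempts per RATE_LIMIT_PERIOD seconds; how the
# window is keyed (per IP, per account) is decided by the caller.
RATE_LIMIT_ATTEMPTS = 5
RATE_LIMIT_PERIOD = 60  # seconds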